【原创】部署本地NTP服务

da11

部署本地NTP服务

环境准备：1台NTP服务端，2台NTP客户端，均是CentOS7系统


一、检查服务端和客户端是否安装NTP，如服务端和客户端没有安装NTP，就需要使用yum安装NTP
rpm -qa | grep ntp


如果没有ntp，则需要使用yum源安装
yum -y install ntp

二、配置NTP服务端
vim /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
#restrict default nomodify notrap nopeer noquery            # 这行注释，不注释其他客户端会无法访问

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap   # 这里配置允许访问NTP服务的网段

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst                                  # 外网时钟源禁用
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 127.127.1.0 iburst                                                # 配置本地时钟源，127.127.1.0是没错的，不是127.0.0.1
fudge 127.127.1.0 stratum 10


# 修改到这里就行了，保存退出



三、关闭防火墙或者配置放开UDP 123端口
配置略

四、开启NTP服务
systemctl restart ntpd
systemctl enable ntpd

五、验证服务端状态
ntpq -p


显示如上证明服务端配置正确。

六、配置两台客户端，修改配置文件 /etc/ntp.conf
vim /etc/ntp.conf

# For more information about this file, see the man pages
# ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).

driftfile /var/lib/ntp/drift

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default nomodify notrap nopeer noquery

# Permit all access over the loopback interface.  This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
restrict ::1

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst                            # 外网时钟源禁用
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.2.1 iburst                                            # 配置NTP服务端节点


# 修改到这里就行了，保存退出



七、客户端关闭防火墙或者配置放开UDP 123端口
配置略

八、开启NTP服务
systemctl restart ntpd
systemctl enable ntpd


九、客户端手动同步时间
ntpdate -u 192.168.2.1



十、客户端查看服务端状态及验证
ntpq -p



现在使用date即可验证3台主机时间已经是一致了。